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NATIONAL SECURITY AGENCY 
CENTRAL SECURITY SERVICE 

FORT GEORGE G. MEADE, MARYLAND 20755-6000 

24 December 2008 

MEMORANDUM FOR THE CHAIRMAN, INTELLIGENCE OVERSIGHT BOARD 

THRU: Assistant to the Secretary of Defense (Intelligence Oversight) 

SUBJECT: (U//POUO) Report to the Intelligence Oversight Board on NSA Activities - 
INFORMATION MEMORANDUM 

(U//EOUOT Except as previously reported to you or the President, or otherwise stated in 
the enclosure, we have no reason to believe that any intelligence activities of the National Security 
Agency during the quarter ending 30 September 2008 were unlawful or contrary to Executive 
Order or Presidential Directive and thus should have been reported pursuant to Section 1,7.(d) of 
Executive Order 12333. 



(U/' /FOliO) 1 The Inspector General and the General Counsel continue to exercise oversight 
of Agency activities by inspections, surveys, training, review of directives and guidelines, and 
advice and counsel. These activities and other data requested by the Board or members of the staff 
of the Assistant to the Secretary of Defense (Intelligence Oversight) are described in the enclosure. 




.JL&WJL- 

GEORGE ELLARD 
Inspector General 


VITO T. POTENZA 
Genera! Counsel 


A- 


(U//FOUO) I concur in the report of the Inspector General and the General Counsel and 
hereby make it our combined report. 



Lieutenant General, U. S. Army 
Director, NSA/Chief, CSS 


Enel: 

Quarterly Report 


This document may be declassified and marked 
“UN CLASS IF I ED/4 ui UlliUdl UIWUiiPT 
upon removal of enclosure(s) 

Derived From: NSA/CSSM 1-52 
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1. (U//H3UO) Intelligence, counterintelligence, and intelligence-related activities 
that violate law, regulation, or policy substantiated during the quarter, as well as 
actions taken as a result of the violations. 

(U) Intelligence Activities (b)(3)-p.L. 86-3 


(TS//SI// REL TO USA, FVEY) Unintentional collection against United States 
persons. This quarter, there were! linstances in which Signals Intelligence (SIGINT) analysts 
inadvertently targeted or collected communications to, from, or about U. S. persons while 
pursuing foreign intelligence tasking. All intercepts and reports have been deleted or destroyed 
as required by United States SIGINT Directive (USS1D) SP0018. 

ti»> (1) 

{•'t>) (3) -P. L. 86-36 
b)(3)-18 USC 798 
b)(3)-50 USC 3024(1) 


(U) Unauthorized Targeting 


used th e U.S. 

_ The selectors 

Office of General 
as found. H e had not been 

l analysts have received 


SIGINT System (USSS) to locate f 

were tasked before authorization was obtained fr 
Counsel (OGC) denied the authorization request, 
kidnapped. The | 

additional intelligence oversight training. 


believed to be kidnappei 


m //61//NQA selector for an Attorney General (AG)-authorized target remained on collection 
for lafter th e AG authorization expired on | | The selector was detasked 

on |_ No collection occurred as a result of the process violation. A review of all 

other targeted selectors relating to the tar get was conducted. All selectors were confirmed 
terminated on or before I /'"(b) ( i i 


during an experimental collection and processing effort, 


The messages were deleted 


hen the error w^ (1 > 


(b)(31-P.L. 86-36 
(b): (3) -18 USC 798 
!b) (3)-rb0 USC 3024(1) 


an NSA analyst found 


should have been detasked 


I No queries on the selectors had been made before 
when the selectors were deleted, and all collection was purged from the database. 


mistakenly 


nstead of the ! I 


targeted 


associated w ith a foreign target. The violation was corrected by the analyst oi 
_ and the associated collection was purged from the NSA database. 
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nSSmm _i .selectors were d fit asked and collection was destroyed when 

___| An analyst misunderstood the 

direction to treat the target a s a U.S. person until the target's state was verified and retasked the 

selectors]_ The selectors w ere again detasked an d intercept purged from NS(b)( 1 ) 

databases when the violation was identified (b)(3)-P.L. 86-36 


(b)(1) 

(b)(3)-P.L. 86-36 


(T0//S I//NPt|_Jduring routine oversight, an NS A databa se auditor found 

I I telephone selectors f |in the United States| ~| According to the 

analys t responsible for theP^ ^ | 

I I This process violati onresulted in collection. The selectors were removed from the query, 
and collection was deleted I ~1 (bj(3)-P.L. 86-36 


-fS /rSE/REL TO USA f\T.¥ 4 1 | a review of a| 

that selectors fori Iforeien intelligence targ ets were not detasked f 
I [T he selectors were detasked and collection 

occurring between | was purged from NS A databases! 

2008 . - 1 - 

(U) Computer Network Exploitation (CNE) 


found 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 



(U) Database Queries 


(b)(1) 

(b)(3)-P.L. 86-36 


(T8//SI//REL TO USA, FVEY) On | l occasions NSA analysts failed to verify that targets were 
located outside of the United States before conducting database queries. | I 


P.L. 86-36 
18 USC 798 
50 USC 3024(i) 


queries were terminated and associated data was deleted. No reporting occurred. 

'(TS//S1//REL TO USA, FVEY)___an NSA analyst constructed a database query 

using the name of a U.S. organi zation. He typed the organization! I vhile 

pursuing foreign intelligen ce on | I Theque rv and 

retrieved data were deleted|~ | another analyst referenced a U.S. 


(b)(1) 

(b)(3)-P.L. 86-36 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 
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_whil e seari 

were deleted 


nformation on his foreign target. The query and resulting data 

(b)(3)-P.L. 86-36 

(b)(1) 

ditn£ b) ( 3) ' P L 86-36 
ulu Tb)(3)-18USC 798 

fa Ufe®D-50 USC 3024(i) 


During an 


audit of database queries, an 


(b)(1) 

(b)(3)-p.L. 86-36 found that a junior analyst queried 


:rson 


3 -eign intelligence target. She had not considered the 
a U.S. person. No collection resulted from the query, 


possibility that 


The analyst received additional training on intelligence oversight authorities from her auditor. 


_| an NSA analyst queried on a U.S. citizen using 

The a nalyst recognized the procedural failure. He 
[preventing the results from posting, and enrolled 


the | ^ spelling of the perso n's name. 

interrupted and deleted the quer>| 
in USSID SP0018 refresher training. 


(1 S//5I//NF) | _typing errors resulted in unauthorized 

queries. In both instances, one mistyped digit changed the selectors so that the query was against 
U.S. persons who were not foreign intelligence targets. The two queries were terminated and 
associated results deleted on the day of the queries. 


NSA database auditor found that an 


analyst queried 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-18 USC 798 
(b)(3)-50 USC 3024(i) 


ie analyst enrolled in 


ie queries and results were deleted, am 


refresher training. 


(iliZ/SL'Tijf^-On tw o occasions during training courses or research, NSA analysts queried on the 
| of other analysts. In both cases, no results were returned. The analysts were 
instructed on proper query construction. 


(U) Detasking Delays 


_I an NSA analyst removed the DNI selectors of ] 

Jbut failed to detask the telephone numbers. The process fai lure was corrected 
when the error was identified. There was no collection froml 


f3//3I//REL TO USA, rVEY)| _| a target initially thought to be legitimate and 

foreign was found to be a U.S. citizen. Although queries were terminated and selectors were 
detasked, collection was not purged from NSA databases in a timely manner. Purging took place 
_after the selector was detasked, when the analyst returned from sick leave. 


(S//S1//REL TO USA, rVEY) Unintentional dissemination of U.S. identities. There 
were [instances in which SIGINT analysts disseminated communications to, from, or about 
U.S. oersons while pursuing foreign intelligence tasking this quarter. All data have been deleted 
or destroyed as required by USSID SP0018. 
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(S//SI//REL TO USA, FVEY) During this quarter,| |sIGINT products were cancelled because (bjpj-p l 86-36 
they contained the identities of U.S. persons, organizations, or entities. In all instances, the 
reports were either not reissued or were reissued with proper minimization. 


analyst |~ I When the error w as 

found the same day, the | | was destroyed. All | ~| were 

reviewed for U.S. person information, and the analysts have received remedial training. 

| ____ (b)(3)-P.L. 86-36 

-{G/,'0I.7REt“)| _ Ithe na me of a U.S. organizat ion involved with the [b)( 3 ) 50 use 3024 (i) 

|was included i n a tip to | I 

| without a finding that the U.S. identity 

was necessary to understand the foreign intelligence or assess its importance. The tip was 
recalled and the recipients destroyed their copies. 


(b)(3) p l 86 $U) The Foreign Intelligence Surveillance Act (FISA) 

(U//FQUO) Foreign Intelligence Surveillance Court (FISC)-Authorized Collection 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


(TS//S1//NF)! _ I an NSA analyst learned that a telephone number had not been 

Ibecause o f a typing error. This mi stake resulted in the collection of | | 

I the United States between l | Once identified, 

the typing err or was corrected, and the | [ intercepts were deleted from the NSA database on 

(b)(1) 

- (b)(3)-P.L. 86-36 


i-P.L. 86-36 
i-50 USC 3024(i) 




■4 TS//SI//NF) On | [occasions, NSA analysts queried a total of 
had not been vetted as| 


'.L. 86-36 
8 USC 798 
0 USC 3024(i) 


ltelenhone selectors that 


I The FISA query 

requires reasonable suspicion determination. This misperception was corrected through 
instruction. Search results were not retained by t he analysts, and no reports were issued. Th is 
mistake has resulted in increased internal controlsl 1 


(b)(1) 

(b)(3)-P.L. 86-36 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 
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(U) The FISA Amendments Act (FAA) 


(b)(3)-P.L. 86-36 


(1 G//31//RLL TO USA, FVEY)|_|an NSA analyst forwarded FAA data to " ' 

recipients who were not cleared for FAA. lie analyst intended to send the e-mail | | 

t | _ __analysts b ut selected an e-m ail alias with a broader 

j _pudience. The e-mail was recalled and destroyed| | (b)(i) 

(b)(3)-P.L. 86-36 

/"re //ci/mnl |3)-18 USC 798 

41 _ 1,31-60 u se 3024(i) 


(b)(1) I 

(b)(3)-P.L. 86-36 


- (TS//GI// , RCL TO USA, TVCY) During a tasking record review | | NSA ( b )( 3 )- p L 86 ' 36 

analysts learned that | | targeted selectors had been tasked under the wrong authority . This d ue 

diligence review measure found that t he analyst mistakenly selected PAA Certification ! I 

instead of the F AA | [ Certificatio n, No collection occurred between jb)( 3 )-P.L. 86-36 

I | when the selectors were tasked andj |when the correct authorizatioft>)(3)-50 use 3024(i) 

was assigned. (b)(i) 

(b)(3)-P.L. 86-36 

(TS//9I//NF)| |NSA analysts learned that a target's e-mail selector was 

^ ' - " ~ t[d)(3)-P.L. 86-36 

.. ... .. . .|(b)(3)-18 USC 798 

I The selector was detasked I I and collection was nurired from NSA (b)(3) ' 50 usc 3024(l) 


iatabases 


(b)(i) 

(b)(3)-P.L. 86-36 


r A valid foreign FAA target traveled to the United Statesf 


| | The analyst submitted a detas king request 

| but t he detasking did not take effect until| 
purged ot collection ! | 

(U) The Protect America Act of 2007 (PAA) 


NSA databases were 


(b)(1) 

(b)(3)-P.L. 86-36 


(TS//S1//REL TO USA. FVEV) | an e-mail selector that did not belong to the 

intended target was tasked because of a typing error. The location of the tas ked e-mail address is 
not known. No collection occurred |~ | when the mistake 

was identified. 



(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-18 USC 798 
(b)(3)-50 USC 3024(i) 
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_I The selector was detasked on 

No collection occurred. 


<T0//Qh7tff ) 


(b)(1) 


3 X1) 

)(3)-P.L. 86-36 
(b)(3)-18 USC 798 
(b)(3)-50 USC 3024(i) 


(b)(3)-P L 86-36 

"fF8//Sl7¥Nf^ NSA failed to remove a target selector from tasking when the | 

Resea rch revealed that the j | the United States on[ 

1 | The selector was detasked | | No collection occurred. 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-18 USC 798 
(b)(3)-50 USC 3024(i) 


fTO//GI// RtIL TO USA, rVEV) During a tasking record review, NSA learned that I I targeted 

selectors had been tasked under the wrong PAA authori ty. Th is due dili gence m easu re found 
that analysts had mis takenly selected PAA Certification! | instead of| |. T he | 
errors occurred from | | with no 

collection resulting. Thc l I The associated (b )(i) 

intercept was purged from NSA databases! (b)(3)-p.L. 86-36 


(TS//GI//RCL TO USA, FVEY) A selector was tasked ! l and detasked th e same 

day when the analyst recognized that the target Nation research had UQl been completed OSUl— 


address was not re-tasked. No collection occurred. 


(b)(3)-50 USC 3024(i) 

The 


(b)(1) 

(b)(3)-P.L. 86-36 


(TS//SI//Nr j I NSA analysts learned that an e-mail address did not belong 

to the intended tar get. The! Iforwarded a mi styped e-mail selector that was tasked under 
PAA Certification ] | Th e PAA-tasked e-mail select or resulted in 

collection, which was purged from NSA databases 


XTS//3I//Nr) NSA failed to detask an AG-authorized selector from PAA collection when the 
FAA was signed on 12 July 2008 . An NSA analyst reviewing tasking files discovered the 
oversight ] | The telephone number was detasked the same day. No 


collection occurred 


fp s//oi//Nn r 


NSA analysts learned that a target's e-mail selector had 


I he selector was detasked ]^ 


jan 


and collection was purged from NSA databases on 


(U) Counterintelligence Activities 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-18 USC 798 
(b)(3)-50 USC 3024(i) 
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(U) Nothing to report. 

(U) Intelligence-related Activities 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


(S//SI//NF) To reduce the risk of unauthorized telephony collection and to prevent violations, 
NSA/CS S instituted a process designed to give analysts greater and faster insight into a targe t's 
location. I I 


When 


collection occurred, it was purged from NS A databases. 


(b)(1) 

-‘b)(3)-P.L. 86-36 
p)(3)-50 USC 3024(i) 


1 | NSA/CSS analysts foundl lemail selectors! I 

I this quarter. In each case, the 

selectors were detasked. Collection occurred on | | ofthe | [ instances; NS A databases 
were purged of the intercept. No reports were issues on the collection. 

~tS//SI//R CLTQ UGA, FVEY) Although not violations of E.O. 12333 and related directives, 

NSA/CSS reportsLJinstances in which database access was not terminated when the need for "(b)( 1 ) 
access was no longer required. Once identified, accesses were revoked. Almost half of the (b)(3)-P.L. 86-36 

incidents discovered can be attributed to an inte lligence oversight internal control instituted by 

IA SIGINT databas e access screening process for 
analysts reporting to the j [ .as resulted in the termination 

of accesses before security violations can occur. 


(b)(3)-P.L. 86-36 


(b)(3)-P.L. 86-36 


(TE//SI//RE L TO USA. rVCYl A|_Assigned to a|_ < b >< 3 >- pL 86 - 3 ' 

lused his predeces sor's NSA Network account and SIGINT database account from 

_ When the security violation was identified, the analyst was 

counseled on proper information technology security processes. 

/(b)(3)-P.L. 86-36 

(TG//RLL TO USA, r VEYjf~ Ian NSA/CSS analy st included unminimized 

SIGINT in the form of | [to | customer. j b j[Jj. p L 86 . 36 

When this USSID SP0018 violation was discovered ! the! hna lvst and the(b)(3> -18 USC 798 

customer destroyed the files. Minimized data was then forwarded to ) (b)(3)-50 use 3024(i) 

(TS// SI//REL TO USA: F¥E¥> Onl loccasion j I 

[ analysts incorrectly entered their own information into an NSA database for SIGINT 
collection and analysis. Believing that the dat a field required information on the analys t who 
tasked the selectors, the analysts entered the ir | | 

] When the mistake was identified f | the data was 

removed, and the analysts received analysts received additional tasking training. 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 
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(S//SI//REL to USA, UK) 



(b)(1) 


9-P.L. 86-36 
(3)-18 USC 798 
(3)-50 USC 3024(i) 


798 
3024(i) 

(T3//31//REL TO UGA, rVE V j [ while gathering intelligence on foreign 

t n the defense of U.S. Department of Defense Networks, an NSA 
analyst discovered a U.S. hosted website containing child pornography. The matter has been (b)(3)-P.L. 86-36 
referred to the Department of Justice. 

(U//TOUO) The NSA/CSS OIG is rev iewing the alleged manip ulation of intelligence oversight 
training records at NSA/CSS Hawaii. | ( an employee reported that his 

training compliance date had been updated in the training database although he had not 
completed the annual E.O. 12333 training. Initial research by the NSA/CSS Hawaii intelligence 
oversight program manager indicates that one of the intelligence oversight database 
administrators may have wrongfully changed training completion dates of some employees. 

2. (U//FOtf0j NSA/CSS OIG Intelligence Oversight Inspections, Investigations, 
and Special Studies. 


H fllEL TO UGA, FVEY) [ 



(U/ /FOIX - H During this quarter, the OIG reviewed various intelligence activities of the 
NSA/CSS to determine whether they had been conducted in accordance with applicable statutes, 
Executive Orders, AG procedures, and Department of Defense and internal directives. With few 
exceptions, the problems uncovered were routine and showed that operating elements understand 
the restrictions on NSA/CSS activities. 


(U// FOUof 


. ___ The joint inspection found that I/O roles 

and responsibilities were not clearly defined and I/O processes and procedures were not 
developed and documented. Two percent of the workforce had not completed initial I/O training 
as required by NSA/CSS Policy 1-23. The NSA/CSS OIG will track corrective action through 
completion. 


(b)(3)-P.L. 86-36 


TOP SECRET/'/COMINT. ' /NOrORN 
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rS//RELTOUSA FVEY f " .~ 

| On 26 September 2008, the NSA/CSS OIG completed a special study of the 

nsa| " 


(b)(1) 

(b)(3)-P.L. 86-36 
(b)(3)-50 USC 3024(i) 


The objectives of the review were to identify authorities for the handling of data in i l and 

to determine whether policies and procedures are in place and followed to ensure compliance 
with those authorities. We also revie wed system security practices related to | ] information 

systems. We found that the_is not in compliance with the NSA Associate Directorate for 

Security and Counterintelligence policies and procedures in three instances. Specifically, the 


_Jlacks an oversight board or mechanisms; required quarterly meetings with the NSA OGC 

do not occur; and executive reviews have not been conducted. The study also found that three 
auditing practices do not follow internal control standards; there are no pr ocedures for auditing 

Iq uenes; and oversight of | [ system security is 
lacking. The NSA/CSS OIG will track corrective action through completion. 


(b)(3)-P L. 86-36 


{ ■ S//SI//REL - TO USA,-FVEY) Alleged Unauthorized Disclosure of Classified 
Information and Misuse of the USSS. The NSA/CSS OIG is conducting an inquiry into 
alleged unauth orized disclosure of classified information and misuse of the USSS. Reportedly, 
l a Navy Cryptologist met with an uncleared Navy Family Readiness social worker 
and disclosed that he had targeted his ex-wife and other family members through his job. A 
review of the social worker's notes and statement revealed that the information shared was 
classified Secret//SIGINT//Releasable to the United States, Australia, Canada, Great Britain, and 
New Zealand. The results of the inquiry will be provided upon completion. 


(U) Congressional, IOB, and DNI Notifications 


(S//S1//NF) On 6 October 2008, NSA notified the Senate Select Committee on Intelligence 
(SSCI) of an impending televised interview of James Bamford by ABC News, and the 
impending release of his book The Shadow Factory: The Ultra-Secret NSA from 9/11 to the 
Eavesdropping on America. The subject of the interview was the allegation that NSA had 
engaged in improper intelligence activities. The allegation and book were based in part on 
allegations made last year by retired SGT Adrienne J. Kinne, a U.S. Army Reservist, who had 
been assigned to the Army Intelligence and Security Command at Fort Gordon, Georgia. 
Representatives from the NSA/CSS OIG, OGC, and Office of Legislative Affairs have since met 
with SSCI and HPSCI staffs to discuss the recent allegations of NSA misconduct by Ms. Kinne 
and former Navy Cryptologic Technican (Interpretive) Second Class Petty Officer David 
M. Faulk. NSA is investigating the claims of Mr. Faulk. The Department of the Army is 
investigating Ms. Kinne's claims. 


tS//3I//NF) Also on 6 October 2008, NSA/CSS informed the Assistant to the Secretary of 
Defense for Intelligence Oversight of improper disposal of classified information technology 
equipment from NSA/CSS Texas. 

3. (U) Substantive Changes to the NSA/CSS Intelligence Oversight Program, 

(U) Nothing to report. 


TOP S ECRET//COMINT//NOFQRN 
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4. (U) Changes to NSA/CSS published directives or policies concerning 
intelligence, counterintelligence, or intelligence-related activities and the reason 
for the changes. 

(U) Nothing to report. 

5. (U) Procedures governing the activities of Department of Defense (DoD) 
intelligence components that affect U.S. persons (DoD Directive 5240.1 -R, 
Procedure 15) Inquiries or Matters Related to Intelligence Oversight Programs. 

(U) Nothing to report. 
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